How is sensitive data protected?

All documents are encrypted with AES-256-GCM at rest and TLS 1.2+ in transit. A GDPR anonymization layer removes PII before any AI processing. Hosted on Vercel + Supabase (both SOC 2 Type II); Decision Intel’s own product-level audit is targeted for Q4 2026.

How long does integration take?

Less than 30 minutes. Upload documents directly, connect via OAuth for Slack, or use our REST API for bulk processing.

How does outcome tracking work?

Outcomes are detected automatically from follow-up documents, Slack messages, and web intelligence. You confirm with one click. Each reported outcome makes your future analyses more accurate.

How is Decision Intel different from ChatGPT or a general AI assistant?

ChatGPT gives one opinion from one model: ungoverned, untraceable, unaudited. Decision Intel is the reasoning audit platform. Most tools audit your data; we audit your reasoning — and catch the fatal blind spots in strategic memos before the committee does. It measures the noise in your reasoning the same way Kahneman did in the insurance underwriter study, simulates an AI boardroom of CEO, CFO, and board personas, runs what-if interventions against a 143-case public reference library, and compounds every confirmed outcome back into a calibrated Decision Quality Index your audit committee can defend. Not a chatbot; a reasoning audit, checkable from memo to outcome.

Security & privacy

Your strategic memos are evidence.
We treat them that way.

GDPR anonymization runs first — before any analysis LLM sees your text. AES-256-GCM at rest. TLS 1.2+ in transit. No training on your content. And a 30-day hard-delete when you’re done.

This page is the full policy and the full security posture, laid out so you can read it in five minutes instead of fifty.

Walk through the lifecycle Your GDPR rights Ask a question

Data lifecycle

PII is stripped before any LLM sees your memo.

encrypted

Upload

TLS 1.2+

Anonymize

PII stripped

Analyze

in-tenant

Vault

AES-256-GCM

Your tenant only. Nothing crosses org boundaries. Nothing trains upstream models.

Controller identity

Who is responsible for your data.

The legal entity that determines the purposes and means of processing under GDPR. The contact below is the route for any data-protection question, request, or complaint.

Data controller

Decision Intel

United Kingdom (formation pending)

Registered office

Address to be confirmed on incorporation

Founder is currently UK-resident; legal entity formation in progress.

Data-protection contact

team@decision-intel.com

We respond within 30 days.

For organisations established outside the European Economic Area or the United Kingdom, we do not currently maintain an in-region representative under GDPR Art 27 / UK GDPR because we do not yet meet the activity thresholds that would require one. This page will name a representative if and when those thresholds are met.

The stack

Five guarantees, non-negotiable.

Every strategic memo is high-leverage data. These are the defaults you get from the moment you create an account. Not premium features, not paid add-ons.

GDPR anonymizer runs first

PII is detected and redacted before any analysis LLM sees the document. It is the literal first node in the pipeline, not a post-hoc scrub.

AES-256-GCM at rest

Document content is encrypted with authenticated AES-256-GCM. Keys are held in environment-variable secrets, separate from the ciphertext database; migration to a dedicated key-management service is on the roadmap.

TLS 1.2+ in transit

Every request between your browser, our API, and third-party processors uses modern TLS. No plaintext paths.

No model training on your data

Your documents are not used to train any upstream model. Every processor operates under no-training contract terms.

30-day hard-delete

Delete your account and every document, analysis, and associated record is permanently erased within 30 days.

The lifecycle

What happens to a document, step by step.

Four stages between upload and rest. The most load-bearing is the second: anonymization happens before your text reaches any analysis model, not after.

01

Upload via TLS 1.2+

Your memo travels from your browser to our API over modern TLS. Nothing touches disk in plaintext, not even briefly.

Load-bearing

02

GDPR anonymization

The first pipeline node (before analysis) scans for PII (names, emails, account numbers, internal IDs) and redacts in place. Anonymized text is what the reasoning models receive.

03

Analysis inside your tenant

Analysis runs entirely within your organization's data scope. No cross-tenant aggregation, no shared model memory, no contribution to any global training run.

04

Encrypted at rest (AES-256-GCM)

Results and the original document are stored encrypted with authenticated AES-256-GCM. Keys are held in environment-variable secrets, separate from the ciphertext database; migration to a dedicated key-management service is on the roadmap.

What we collect

Four categories. Every one justified.

Account

What

Name, email, and organization via Google OAuth (Supabase). We never see or store your Google password.

How we use it

Authenticate sessions and enforce per-org data isolation.

Documents

What

Strategic memos, board decks, market-entry recommendations, and any other files you upload.

How we use it

Analyzed by our pipeline and stored AES-256-GCM encrypted in your organization’s vault.

Usage

What

Feature-usage events, analysis completion metrics, performance timings.

How we use it

Improve the product and debug errors. No cross-tenant aggregation is exposed externally.

Integrations

What

Encrypted Slack / Drive tokens, and only the content you explicitly route through the bot or share.

How we use it

Execute the integration you asked for. We do not read your full Slack history or crawl your Drive.

What we never do

Explicit prohibitions.

The inverse list matters as much as the positive one. Every bullet below is a thing we will not do, by design and by policy.

Sell your data or share it with data brokers
Use your documents to train our models or upstream LLMs
Allow any cross-tenant data access or analysis
Set third-party tracking or advertising cookies
Read your full Slack history or mailbox beyond what you explicitly route through us
Retain documents after account deletion beyond the 30-day purge window

Your rights

Five rights, one response window.

If you are in the EEA, United Kingdom, or a jurisdiction with similar data-protection law, you can exercise any of these. We respond within 30 days.

Right to access

Request a full machine-readable export of the data we hold about you (Art 15).

Right to rectification

Correct any inaccurate or outdated personal data (Art 16).

Right to erasure

Delete your account and trigger a 30-day hard-purge of every associated record (Art 17).

Right to portability

Export your analyses and documents in structured, portable formats (Art 20).

Right to object

Opt out of any specific processing activity, including anonymized causal-edge contribution (Art 21).

Right to automated-decision contestation

Where Decision Intel’s pipeline produces outputs that significantly affect you, request human review of the logic applied (Art 22). The Decision Provenance Record provides the meaningful information about the logic involved.

To exercise any right, email team@decision-intel.com. We respond within 30 days.

Right to lodge a complaint with a supervisory authority (Art 77)

If you believe your rights under GDPR or UK GDPR have not been respected, you may lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of the alleged infringement. Examples include the UK ICO, the CNIL (France), the Irish DPC, the Nigerian NITDA / NDPB, or the South African Information Regulator. Where possible, we ask you to contact us first so we can resolve the issue directly.

If you're named in someone else's document

A path for third-party data subjects

If you're identified or referenced inside a strategic memo a Decision Intel customer uploaded, and that document's analysis bears on a decision that significantly affects you, GDPR Article 22 (and equivalent NDPR / PoPIA / UK GDPR provisions) gives you the right to obtain meaningful information about the logic involved, to express your point of view, and to contest the decision.

Email team@decision-intel.com with the subject line “Art 22 request · third-party data subject”. Tell us your name and (where you can) the customer organisation whose document identifies you.
We acknowledge within 5 working days and route the request to the controller (the Decision Intel customer who uploaded the document). The customer is the data controller; Decision Intel is the processor and assists their response.
The controller responds within 30 days under GDPR Art 12(3). The response includes the meaningful information about the logic, which the Decision Provenance Record is engineered to provide. You may then express your point of view and contest the decision under Art 22(3).
If unresolved, you retain the right to lodge a complaint with the supervisory authority listed above (ICO / CNIL / Irish DPC / NITDA / SA Information Regulator), and the right to an effective judicial remedy under GDPR Art 79.

Note:Decision Intel never produces automated decisions about a third-party subject in isolation. Every output is a decision-quality audit on a strategic memo authored by a Decision Intel customer. The Art 22 contestation right applies when that customer’s decision (informed by the audit) significantly affects you. The DPR provides the “meaningful information about the logic” the regulator requires; we surface it on request.

Lawful basis

Why each processing activity is permitted under GDPR Art 6.

A separate lawful basis applies to each category of processing. Where the basis is legitimate interest, you have an unconditional right to object below.

Account creation, authentication, document analysis

Performance of a contract (Art 6(1)(b))

These activities are necessary to provide the service you have signed up for. Without them, the platform cannot function.

Transactional emails (auth flows, billing receipts, security notifications)

Performance of a contract (Art 6(1)(b))

Required to deliver the service and meet our security-incident notification commitments.

Aggregate product analytics (no identifiers, no document content)

Legitimate interest (Art 6(1)(f))

Needed to debug errors and improve the product. The interest is balanced against your privacy by collecting only aggregate event data and giving you the right to object below.

Compliance and audit-log retention

Legal obligation (Art 6(1)(c))

EU AI Act Article 14 record-keeping, GDPR accountability, and SOX-equivalent audit obligations require retained logs of sensitive actions.

Marketing emails or newsletters (only when you opt in)

Consent (Art 6(1)(a))

Sent only with explicit opt-in; you may withdraw consent at any time.

International data transfers

Where your data goes, and the legal mechanism that covers the journey.

Several of our sub-processors are US-headquartered. Where personal data of EEA, UK, Swiss, Nigerian, or South African residents is transferred outside their home jurisdiction, the transfer is covered by a recognised mechanism.

EEA → US transfersrely on the EU–US Data Privacy Framework (DPF) where the recipient is DPF-self-certified, or on the European Commission Standard Contractual Clauses (Module 2 / Module 3) backed by a documented Transfer Impact Assessment where it is not.

UK → US transfers rely on the UK International Data Transfer Addendum (IDTA) to the EU SCCs, and on the UK Extension to the DPF where applicable.

Nigeria → US transfers rely on NDPR-compliant data-transfer agreements with onward-transfer prohibitions, mirroring the GDPR-equivalent safeguards required by the NDPR 2019 Implementation Framework.

South Africa → US transfers rely on PoPIA s.72 with the recipient bound to a level of protection substantially similar to PoPIA via contractual safeguards.

Onward transfers are restricted by contract: each sub-processor is bound to the same protections we apply, and any addition triggers the 30-day prior-notice mechanism described in our Terms of Service. To request a copy of the active SCCs, IDTA, or sub-processor list, contact team@decision-intel.com.

Third-party processors

The short list.

These are the only external services your data touches. Each has a specific role, and each is contractually bound not to train on or resell your content.

Supabase

Authentication and encrypted Postgres hosting (US production region; EU residency available on Enterprise design-partner configurations, subject to confirmation with the Decision Intel team before signature).

Google AI

Primary analysis model (US region). Processed under no-training terms; input is anonymized first.

Anthropic

Fallback analysis when explicitly enabled (US region). Same no-training terms.

Stripe

Payment processing. We never see or store card numbers.

Resend

Transactional email (auth flows, magic links, password resets, account notifications). SOC 2 Type II.

Sentry

Error and performance telemetry. PII scrubbers enabled at the SDK layer.

Vercel

Application hosting and serverless compute (multi-region edge; primary US).

Cloudflare

DNS and inbound email routing for *@decision-intel.com addresses.

Retention

We retain your data while your account is active. On deletion, every personal record, uploaded document, analysis, and associated row is permanently removed within 30 days. Fully anonymized aggregate analytics (no identifiers, no content) may be retained to improve the product.

Cookies

Only essential session cookies (Supabase auth). We do not set third-party tracking cookies or advertising cookies. Analytics is collected server-side without cookies.

Changes to this policy

We may update this policy. Material changes are highlighted on this page and the "Last updated" date below changes. Your continued use constitutes acceptance.

Contact

Privacy questions, complaints, or rights requests: team@decision-intel.com

Last updated: April 16, 2026

← Back to home

Security & privacy

Your strategic memos are evidence.
We treat them that way.

GDPR anonymization runs first — before any analysis LLM sees your text. AES-256-GCM at rest. TLS 1.2+ in transit. No training on your content. And a 30-day hard-delete when you’re done.

This page is the full policy and the full security posture, laid out so you can read it in five minutes instead of fifty.

Walk through the lifecycle Your GDPR rights Ask a question

Data lifecycle

PII is stripped before any LLM sees your memo.

encrypted

Upload

TLS 1.2+

Anonymize

PII stripped

Analyze

in-tenant

Vault

AES-256-GCM

Your tenant only. Nothing crosses org boundaries. Nothing trains upstream models.

Controller identity

Who is responsible for your data.

The legal entity that determines the purposes and means of processing under GDPR. The contact below is the route for any data-protection question, request, or complaint.

Data controller

Decision Intel

United Kingdom (formation pending)

Registered office

Address to be confirmed on incorporation

Founder is currently UK-resident; legal entity formation in progress.

Data-protection contact

team@decision-intel.com

We respond within 30 days.

The stack

Five guarantees, non-negotiable.

Every strategic memo is high-leverage data. These are the defaults you get from the moment you create an account. Not premium features, not paid add-ons.

GDPR anonymizer runs first

PII is detected and redacted before any analysis LLM sees the document. It is the literal first node in the pipeline, not a post-hoc scrub.

AES-256-GCM at rest

TLS 1.2+ in transit

Every request between your browser, our API, and third-party processors uses modern TLS. No plaintext paths.

No model training on your data

Your documents are not used to train any upstream model. Every processor operates under no-training contract terms.

30-day hard-delete

Delete your account and every document, analysis, and associated record is permanently erased within 30 days.

The lifecycle

What happens to a document, step by step.

Four stages between upload and rest. The most load-bearing is the second: anonymization happens before your text reaches any analysis model, not after.

01

Upload via TLS 1.2+

Your memo travels from your browser to our API over modern TLS. Nothing touches disk in plaintext, not even briefly.

Load-bearing

02

GDPR anonymization

The first pipeline node (before analysis) scans for PII (names, emails, account numbers, internal IDs) and redacts in place. Anonymized text is what the reasoning models receive.

03

Analysis inside your tenant

Analysis runs entirely within your organization's data scope. No cross-tenant aggregation, no shared model memory, no contribution to any global training run.

04

Encrypted at rest (AES-256-GCM)

What we collect

Four categories. Every one justified.

Account

What

Name, email, and organization via Google OAuth (Supabase). We never see or store your Google password.

How we use it

Authenticate sessions and enforce per-org data isolation.

Documents

What

Strategic memos, board decks, market-entry recommendations, and any other files you upload.

How we use it

Analyzed by our pipeline and stored AES-256-GCM encrypted in your organization’s vault.

Usage

What

Feature-usage events, analysis completion metrics, performance timings.

How we use it

Improve the product and debug errors. No cross-tenant aggregation is exposed externally.

Integrations

What

Encrypted Slack / Drive tokens, and only the content you explicitly route through the bot or share.

How we use it

Execute the integration you asked for. We do not read your full Slack history or crawl your Drive.

What we never do

Explicit prohibitions.

The inverse list matters as much as the positive one. Every bullet below is a thing we will not do, by design and by policy.

Sell your data or share it with data brokers
Use your documents to train our models or upstream LLMs
Allow any cross-tenant data access or analysis
Set third-party tracking or advertising cookies
Read your full Slack history or mailbox beyond what you explicitly route through us
Retain documents after account deletion beyond the 30-day purge window

Your rights

Five rights, one response window.

If you are in the EEA, United Kingdom, or a jurisdiction with similar data-protection law, you can exercise any of these. We respond within 30 days.

Right to access

Request a full machine-readable export of the data we hold about you (Art 15).

Right to rectification

Correct any inaccurate or outdated personal data (Art 16).

Right to erasure

Delete your account and trigger a 30-day hard-purge of every associated record (Art 17).

Right to portability

Export your analyses and documents in structured, portable formats (Art 20).

Right to object

Opt out of any specific processing activity, including anonymized causal-edge contribution (Art 21).

Right to automated-decision contestation

To exercise any right, email team@decision-intel.com. We respond within 30 days.

Right to lodge a complaint with a supervisory authority (Art 77)

If you're named in someone else's document

A path for third-party data subjects

Email team@decision-intel.com with the subject line “Art 22 request · third-party data subject”. Tell us your name and (where you can) the customer organisation whose document identifies you.
We acknowledge within 5 working days and route the request to the controller (the Decision Intel customer who uploaded the document). The customer is the data controller; Decision Intel is the processor and assists their response.
The controller responds within 30 days under GDPR Art 12(3). The response includes the meaningful information about the logic, which the Decision Provenance Record is engineered to provide. You may then express your point of view and contest the decision under Art 22(3).
If unresolved, you retain the right to lodge a complaint with the supervisory authority listed above (ICO / CNIL / Irish DPC / NITDA / SA Information Regulator), and the right to an effective judicial remedy under GDPR Art 79.

Lawful basis

Why each processing activity is permitted under GDPR Art 6.

A separate lawful basis applies to each category of processing. Where the basis is legitimate interest, you have an unconditional right to object below.

Account creation, authentication, document analysis

Performance of a contract (Art 6(1)(b))

These activities are necessary to provide the service you have signed up for. Without them, the platform cannot function.

Transactional emails (auth flows, billing receipts, security notifications)

Performance of a contract (Art 6(1)(b))

Required to deliver the service and meet our security-incident notification commitments.

Aggregate product analytics (no identifiers, no document content)

Legitimate interest (Art 6(1)(f))

Needed to debug errors and improve the product. The interest is balanced against your privacy by collecting only aggregate event data and giving you the right to object below.

Compliance and audit-log retention

Legal obligation (Art 6(1)(c))

EU AI Act Article 14 record-keeping, GDPR accountability, and SOX-equivalent audit obligations require retained logs of sensitive actions.

Marketing emails or newsletters (only when you opt in)

Consent (Art 6(1)(a))

Sent only with explicit opt-in; you may withdraw consent at any time.

International data transfers

Where your data goes, and the legal mechanism that covers the journey.

UK → US transfers rely on the UK International Data Transfer Addendum (IDTA) to the EU SCCs, and on the UK Extension to the DPF where applicable.

South Africa → US transfers rely on PoPIA s.72 with the recipient bound to a level of protection substantially similar to PoPIA via contractual safeguards.

Third-party processors

The short list.

These are the only external services your data touches. Each has a specific role, and each is contractually bound not to train on or resell your content.

Supabase

Google AI

Primary analysis model (US region). Processed under no-training terms; input is anonymized first.

Anthropic

Fallback analysis when explicitly enabled (US region). Same no-training terms.

Stripe

Payment processing. We never see or store card numbers.

Resend

Transactional email (auth flows, magic links, password resets, account notifications). SOC 2 Type II.

Sentry

Error and performance telemetry. PII scrubbers enabled at the SDK layer.

Vercel

Application hosting and serverless compute (multi-region edge; primary US).

Cloudflare

DNS and inbound email routing for *@decision-intel.com addresses.

Retention

Cookies

Only essential session cookies (Supabase auth). We do not set third-party tracking cookies or advertising cookies. Analytics is collected server-side without cookies.

Changes to this policy

We may update this policy. Material changes are highlighted on this page and the "Last updated" date below changes. Your continued use constitutes acceptance.

Contact

Privacy questions, complaints, or rights requests: team@decision-intel.com

Last updated: April 16, 2026

← Back to home

Your strategic memos are evidence.We treat them that way.

Who is responsible for your data.

Five guarantees, non-negotiable.

What happens to a document, step by step.

Four categories. Every one justified.

Explicit prohibitions.

Five rights, one response window.

A path for third-party data subjects

Why each processing activity is permitted under GDPR Art 6.

Where your data goes, and the legal mechanism that covers the journey.

The short list.

Your strategic memos are evidence.We treat them that way.

Who is responsible for your data.

Five guarantees, non-negotiable.

What happens to a document, step by step.

Four categories. Every one justified.

Explicit prohibitions.

Five rights, one response window.

A path for third-party data subjects

Why each processing activity is permitted under GDPR Art 6.

Where your data goes, and the legal mechanism that covers the journey.

The short list.

Your strategic memos are evidence.
We treat them that way.

Your strategic memos are evidence.
We treat them that way.